Vulnerability Details CVE-2022-40977
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-40977
- cpe:2.3:a:pilz:pasvisu:1.10.0
- cpe:2.3:a:pilz:pasvisu:1.11.0
- cpe:2.3:a:pilz:pasvisu:1.8.0
- cpe:2.3:a:pilz:pasvisu:1.9.0
- cpe:2.3:h:pilz:pmi_v507:-
- cpe:2.3:h:pilz:pmi_v512:-
- cpe:2.3:h:pilz:pmi_v704e:-
- cpe:2.3:h:pilz:pmi_v707e:-
- cpe:2.3:h:pilz:pmi_v807:-
- cpe:2.3:h:pilz:pmi_v812:-
- cpe:2.3:h:pilz:pmi_v815:-
- cpe:2.3:o:pilz:pmi_v507_firmware:-
- cpe:2.3:o:pilz:pmi_v507_firmware:1.3.58
- cpe:2.3:o:pilz:pmi_v512_firmware:-
- cpe:2.3:o:pilz:pmi_v512_firmware:1.3.58
- cpe:2.3:o:pilz:pmi_v704e_firmware:-
- cpe:2.3:o:pilz:pmi_v707e_firmware:-
- cpe:2.3:o:pilz:pmi_v807_firmware:-
- cpe:2.3:o:pilz:pmi_v812_firmware:-
- cpe:2.3:o:pilz:pmi_v815_firmware:-